Holmesware

Win 10 update (KB5028166) - uninstall and re-apply - Fixed all my issues Note: uninstalling the update then rebooting the system triggered installing the update before the login screen. FALSE - This did not happen. The update was removed and stayed removed, but it looks like it will reinstall on the next Windows Update. This has to do with a SAMBA bug in the Zentyal Domain Controller world. https://forum.zentyal.org/index.php/topic,35598.0.html - Unraid mounting an SMB share on a Window 10 Workstation - Remote Assistance now works when initiated remotely - Shared bi-directional USB laser printer now works from remote workstations The Actual Samba Bug - https://bugzilla.samba.org/show_bug.cgi?id=15418 Solved-ish - Until there is a Samba fix for my domain controller I will not be able to reapply KB5028166 to my workstations. SOLVED - Patch for Ubuntu 18.04 LTS Bionc - https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kb5028166/

This happens from 2 different Unraid servers (6.11.5 and 6.12.2) to any Windows 10 Domain connected computer. Mounting a Windows Share <REMOTE COMPUTER> from an Unraid <SERVER> no longer works. Has been working for close to 2 years until now. <SERVER> kernel: CIFS: Attempting to mount \\<REMOTE COMPUTER>\ServerData <SERVER> kernel: CIFS: Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE <SERVER> kernel: CIFS: VFS: \\<REMOTE COMPUTER> Send error in SessSetup = -5 <SERVER> kernel: CIFS: VFS: cifs_mount failed w/return code = -5 <SERVER> unassigned.devices: SMB 3.1.1 mount failed: 'mount error(5): Input/output error The mounting script goes through SMB 3.0, 2.0 and 1.0 with the same error. Lookup up this error: 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE Comes up with this description. The logon request failed because the trust relationship between this workstation and the primary domain failed. Removing any of these computers from the domain and rejoining it doesn't fix this. The same <REMOTE COMPUTER> (Windows 10) can connect to the an Unraid SMB share with no issues. Trying to manually make the connection from the command line generate the same error. Domain Controller is Zentyal 6.1.6 on Ubuntu 18.04.6 LTS. I have posted this issue in their forums as well. Other things that have stopped working at roughly the same time. - WIndows Remote Assistance - unless it's initiated from the end user with a file or email link. - Shared USB printers that require bi-directional communication. - Basic Kyocera Laser printer - no longer working. - Zebra Label printer - Works fine.

@CallOneTech I'd just like to point out that the posted fix in the dedicated channel for this issue does work. I have 5 Unraid systems with this fix applied in a environment of 70+ users. I know your fustration with this. I had random users loose access to files multiple times daily. Was driving me nuts. This issue with the fix can't be overstated enought: You have to re-apply all the permission to your file structure - this can be rather grizzly but if you planned out your permission structure it shouldn't be that hard. If not, now is the time to get your permissions in order. I learned this lesson hard long ago. @dlandon You may not realize how many people use uraid in an enterprise environment. In my tech circle I'm seeing a movement back to self hosting data for small to medium sized companies especially ones with sensitive data. I use unraid with ZFS in a Zentyal domain controller for Windows 10 worktations. VM for terminal servers and application servers. Docker for FTP service, PiHole, MySQL and whatever else I may need. I've been on the developer side of things. Most projects like this take on a form of their own after a while and go in a direction you did not intend.

ok, just spit balling here.... This issue is for an unraid box connected to a domain. I've been having issues with Windows Store apps being corrupted and having to reinstall them (calculator, snip & sketch, etc.) as the affected user with admin permissions Real pain. Been digging around on this and found that there are updates to GPO templates that will fix this. https://social.technet.microsoft.com/Forums/en-US/aa006d8f-9f01-44bb-bf90-ac0456a42153/group-policy-breaks-start-menu-modern-apps?forum=win10itprosecurity https://www.microsoft.com/en-us/download/confirmation.aspx?id=103667 I'm running Zentyal for a Domain Controller for many reasons including cost, but this issue sounds like it affects Windows and Linux based domains. Could this be part of the problem? I'm trying it out myself but not really confidient I'm going to get it right. Anyone else been down this path?

I manually edited the smb-settings.conf file to what it should be, restarted samba and *something* put it back at the bottom fully commented out. I've only seen it at the top like this. I'll try it again after hours and post video if needed. [global] #unassigned_devices_start #Unassigned devices share includes include = /tmp/unassigned.devices/smb-settings.conf #unassigned_devices_end [usershares] path = /pool/usershares hide unreadable = yes guest ok = yes writeable = yes read only = no create mask = 0770 directory mask = 0770 vfs object = recycle,shadow_copy2 recycle:repository = .recycle recycle:keeptree = yes recycle:versions = yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = zfs-auto-snap_%S-%Y-%m-%d-%H%M shadow: localtime = yes [it] path = /pool/it guest ok = yes writeable = yes read only = no create mask = 0775 directory mask = 0775 vfs object = recycle,shadow_copy2 recycle:repository = .recycle recycle:keeptree = yes recycle:versions = yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = zfs-auto-snap_%S-%Y-%m-%d-%H%M shadow: localtime = yes [shares] path = /pool/shares hide unreadable = yes browseable = yes guest ok = yes writeable = yes read only = no create mask = 0775 directory mask = 0775 vfs object = recycle,shadow_copy2 recycle:repository = .recycle recycle:keeptree = yes recycle:versions = yes shadow: snapdir = .zfs/snapshot shadow: sort = desc shadow: format = zfs-auto-snap_%S-%Y-%m-%d-%H%M shadow: localtime = yes [AVMTEST] path = /pool/AVMTEST browseable = no guest ok = no writeable = yes read only = no create mask = 0775 directory mask = 0775 [interchange] path = /pool/interchange hide unreadable = yes browseable = yes guest ok = yes writeable = yes read only = no create mask = 0770 directory mask = 0770 #unassigned_devices_start #Unassigned devices share includes # include = /tmp/unassigned.devices/smb-settings.conf #unassigned_devices_end

My one machine with multichannel on was the affected machine, turning it off didn't help. I have a funny bug now with Unassigned Devices putting it's config at the bottom of the smb-extra.conf file and fully commenting it out. My other machines don't do this. There is nothing in the smb-setting.conf file but this started after I removed teh multichannel setting from smb-extra.conf. I'm down to just my own account being the only one that my affected server can't recognize so I'm able to live this with. Oct 6 13:50:50 <SERVERNAME> smbd[22464]: check_account: Failed to convert SID S-1-5-21-2194464868-3260781856-949890820-1145 to a UID (dom_user[<DOMAIN>\<USERNAME>])

Yep, add me to the list a affected users now too. Zentyal 6.1 as a domain controller Windows 10 workstations Multiple Unraid Machines with ZFS Only the heavily used Fileserver (smb) being affected for the last 5 days. Starts with me (the heaviest user) getting forgotten about first, then it forgets some groups, then it's end user chaos. Reach out to me if you want a test environment of 60 users.

WONDERFUL! THANK YOU! This syslog entry has been a real pain when trying to troubleshoot a server for other issues. So much more makes sense now. Patching that samba code to get right of the syslog entry would be really helpful. edit: oh, kernel recompiling... Thank you again.

This is the definitive answer and solution to this issue. If you have an unraid server joined to a samba domain and are getting repeated entries in your syslog: <TIMESTAMP> <SERVERNAME> winbindd[6589]: [<TIMESTAMP>, 0] ../../source3/winbindd/idmap_hash/idmap_hash.c:115(idmap_hash_initialize) <TIMESTAMP> <SERVERNAME> winbindd[6589]: idmap_hash_initialize: The idmap_hash module is deprecated and should not be used. Please migrate to a different plugin. This module will be removed in a future version of Samba * CAUTION * Making these changes you will have to re-apply all permissions on files/folder that are Domain related * CAUTION * All Unraid servers in your Domain will need the same exact settings Modify your /boot/config/smb-extra.conf file like this: idmap config * : backend = tdb <-- Used to be hash> idmap config * : range = 3000-7999 <-- Range enough for local users> idmap config <SHORTDOMAINNAME> : backend = rid idmap config <SHORTDOMAINNAME> : range = 10000-4000000000 The following is a paraphrase of an explanation of how this works. Link below for source. All Domain users, groups and computers have a SID. The last part of the 'SID' is called the 'RID' and these are all unique and are set when the object is created and normal users etc usually start at 1000 (though this will be different depending on which DC they are created on). You cannot rely on the RID to identify what the object is, '1000' could be a user, '1001' could be a group, but, if that is the case, there will never be a user with the RID '1001'. To put it another way, RID's are issued consecutively to the next object, no matter what it is. Now you know how Windows issues ID's, how does Samba map them to Unix users and groups ? This can be done by winbind and the 'rid' idmap backend (there are other backends). If you do use the 'rid' idmap backend, it uses this formula: ID = RID + LOW_RANGE_ID 'ID' is the required Unix ID 'RID' is the Windows user or group ID 'LOW_RANGE_ID' is the number set in smb.conf (which is '10000' in the example I supplied). So, if the RID was '1000', the calculation would become: ID = 1000 + 10000 So the 'ID' is '11000' and always will be, even on other Samba fileservers, provided you use the same basic smb.conf Rowland - https://www.spinics.net/lists/samba/msg175409.html Thank you Rowland.

The Whole Picture: On Server ZFS Data set = pool/data Mount Point = /pool/data 1. Make sure sharenfs=off (zfs set sharenfs=off pool/data) 2. edit /etc/exports, add line "/pool/data" -async,no_subtree_check,fsid=111 *(sec=sys,rw,no_root_squash,no_all_squash)" Note: fsid has to be a unique number for each share. Unraid starts them at 100 3. restart nfsd (/etc/rc.d/rc.nfsd restart) Make a script that inserts the line in step 2 into the /etx/exports file on boot. On Client Use the Unraid GUI on the Main tab to mount and NFS share Yes it connects My Issue: Permissions of files and folders on Client (all files 777 nobody:users) do not reflect those on the Server (770 <user name>:domain users> Is this something NFSv4 can solve? Making it an SMB share has the same issue with permissions. Both Client and Server connected to the same domain.

I'll give this a try on Thrusday when I stay after work to do server updates. It may solve an issue with VM's in Unraid not responding to logitech wireless keyboard and mouse when the monitor goes to sleep. The current solution is to move the usb receiver to a different port on the usb hub and they system wakes up and responds. This also happens intermittantly so it's been hard to troubleshoot.

It a 5 desktop system for in a helicopter hangar. We needed a mobile, small foot printer with as few wires as possible. WiFi sucks around large metal objects. So I came up with this. It has 1 power cord and 1 ethernet cord. The Techs working on the helicopter can have their workstation with manuals, drawings, our managment software, email, etc. all right next to whichever aircraft they are working on. The UPS allows them to unplug and move without powering down, the printer is right there too. I've got a second one running with the USB Manager plugin and now the guys can plug in their camera's and phones to get pics off them as well. It's really working well.

It would definatly be used becuase I've got 5 VM's with a 4 Port USB 3.0 hub each, 2 mappings per port = 40 mapped ports. I also found that if you have more than say 8 ports mapped, the unRAID gui button for going to the top of the page interfears with the X to remove the mapping on the last mapping entry. It's still able to be selected, you just need very fine mouse control. See if you can replicate this. Thanks.

Wow, thanks. This wasn't a critizism BTW. Just how I got it to work.

I have the Hydra2 machine in my office and plugged a USB 3.0 card in the open PCIe slot. It came up on it's own IOMMU group. I can now confirm that all PCIe slots come up in their own IOMMU group. Testing the Video Card issue in this slot that I was having before. Trying to disable the auto SLI bridging in the BIOS. UPDATE: can not get passthrough to work with video cards in both PCIe x16 slots. Motherboard trys to run both cards in SLI mode. Solution: run anything but a video card in the second PCIe x16 slot.